View Issue Details

IDProjectCategoryView StatusLast Update
0017977mantisbtbugtrackerpublic2015-01-25 18:17
ReporterdregadAssigned Todregad 
PrioritynormalSeverityminorReproducibilityhave not tried
Status closedResolutionfixed 
Product Version1.2.18 
Target Version1.2.19Fixed in Version1.2.19 
Summary0017977: Fix handling of due dates
Description

Handling of due dates was broken (in master branch) due to commit fc02c46eea9d9e7cc472a7fc1801ea65d467db76 (see 0017640). This commit added stripping of null bytes, but did not correctly handle null values.

Additional Information

I'm creating this issue to retroactively track the change, because the commit needs to be backported to 1.2.x branch since fixing 0017640 basically introduced the same issue there.

TagsNo tags attached.

Relationships

related to 0017640 closeddregad CVE-2014-6387: Null byte poisoning in LDAP authentication 

Activities

There are no notes attached to this issue.

Related Changesets

MantisBT: master fc02c46e

2013-10-12 17:58:43

Paul Richards

Details Diff
Strip null bytes out of GPC input strings
mod - core/gpc_api.php Diff File

MantisBT: master-1.2.x 215968fa

2013-10-12 17:58:43

Paul Richards


Committer: dregad Details Diff
Strip null bytes out of GPC input strings

Backporting commit fc02c46eea9d9e7cc472a7fc1801ea65d467db76 from master
branch to fix issue 0017640

Signed-off-by: Damien Regad <dregad@mantisbt.org>
mod - core/gpc_api.php Diff File

MantisBT: master f725b469

2014-05-31 08:40:41

Paul Richards

Details Diff
Fix handling of due dates

This was broken due to commit fc02c46eea9d9e7cc472a7fc1801ea65d467db76.

This commit added stripping of null bytes, but did not correctly handle null values
mod - core/gpc_api.php Diff File

MantisBT: master-1.2.x 580d45e9

2014-05-31 08:40:41

Paul Richards


Committer: dregad Details Diff
Fix 0017977: handling of due dates

Commit 215968fa8ff33e327f0600765a5caa24de392cbc (backported from master
fc02c46eea9d9e7cc472a7fc1801ea65d467db76 to fix issue 0017640) added
stripping of null bytes in GPC API, but did not correctly handle null
values.

This is a backport of commit f725b46954a514880792dd4be8228287756fac3d
from master branch, to address this issue.

Signed-off-by: Damien Regad <dregad@mantisbt.org>
mod - core/gpc_api.php Diff File

Issue History

Date Modified Username Field Change
2014-12-21 13:05 dregad New Issue
2014-12-21 13:05 dregad Status new => assigned
2014-12-21 13:05 dregad Assigned To => dregad
2014-12-21 13:11 dregad Product Version => 1.2.18
2014-12-21 13:11 dregad Target Version => 1.2.19
2014-12-21 13:16 dregad Description Updated View Revisions
2014-12-21 13:19 dregad Changeset attached => MantisBT master fc02c46e
2014-12-21 13:19 dregad Changeset attached => MantisBT master-1.2.x 215968fa
2014-12-21 13:19 dregad Relationship added related to 0017640
2014-12-21 13:21 dregad Changeset attached => MantisBT master f725b469
2014-12-21 13:29 dregad Changeset attached => MantisBT master-1.2.x 580d45e9
2014-12-21 13:29 dregad Status assigned => resolved
2014-12-21 13:29 dregad Resolution open => fixed
2014-12-21 13:29 dregad Fixed in Version => 1.2.19
2015-01-25 18:17 dregadmin Status resolved => closed